zgrat | afarr[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

afarr.rar
Size

608KB
MD5

acfc2b60a2d79e62aa64082f7369b61a
SHA1

e4a3da22aa758dfd724bad24dcf19c1a78352945
SHA256

e5ef37052eccb6515f29e5cbb7ec7178948431f40be02180d1a996e4c25cfebf
SHA512

0f53eec63078d312897bc332d7e0d183ea9ec4821bd1ed3b69a6a64672b8b4b2f22e2a2f63565939e16026e523b46a6f408b3b47884131b64b447a10c9437a69
SSDEEP

12288:8AOg8h2fDi0s9Wr4SclY22ujbA46ttL+lvLiEHBIqNiA8hJNdlXFn30DxNbT:8ffkTjkSJZEbA1AOEhE1X1M

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/exploit/V2/Electron.exe	family_zgrat_v1

Zgrat family
zgrat

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/exploit/Electron.exe
unpack001/exploit/V2/Electron.exe

Files

afarr.rar
.rar
exploit/Electron.exe
.exe windows:5 windows x86 arch:x86

b757da5e2efe61bb640cadcd6679738f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleAliasExesLengthA
VirtualAlloc
LoadLibraryA
GetProcAddress
VirtualProtect
lstrlenW
CreateThread
Sleep
WaitForSingleObject
FreeConsole
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
WriteConsoleW
RaiseException
RtlUnwind
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
DecodePointer

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 299KB - Virtual size: 301KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exploit/Read before installing.txt
exploit/V2/Electron.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 538KB - Virtual size: 537KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exploit/autoexec/config.json
exploit/autoexec/vehicle.lua
exploit/autoexec/weapon.lua
exploit/bin/Aimbot 3.0.txt
exploit/bin/themes.json
exploit/scripts/Adopt.txt
exploit/scripts/Arsenal.txt
exploit/scripts/Blox Fruits.txt
exploit/scripts/MM2.txt
exploit/workspace/Speech/1.15.0.1/space.txt

Sharing

General

Malware Config

Signatures

Files

b757da5e2efe61bb640cadcd6679738f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 299KB - Virtual size: 301KB

.reloc Size: 5KB - Virtual size: 4KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 538KB - Virtual size: 537KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 299KB - Virtual size: 301KB

.reloc
Size: 5KB - Virtual size: 4KB

.text
Size: 538KB - Virtual size: 537KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B